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REMARKS 

This Amendment and Response is filed in reply to the Office Action dated January 1 3, 
2004. In this Response, Applicants amend independent claims 1, 8, and 13 to traverse the 
Examiner's rejections. Amendments to the claims are not an acquiescence to any of the 
rejections. Furthermore, silence with regard to any of the Examiner's rejections is not an 
acquiescence to such rejections. Specifically, silence with regard to.Examiner's rejection of a . 
dependent claim, when such claim depends from an independent claim that Applicants consider 
allowable for reasons provided herein, is not an acquiescence to such rejection of the dependent 
claim(s), but rather a recognition by Applicants that such previously lodged rejection is moot 
based on Applicants' remarks and/or amendments relative to the independent claim (that 
Applicants consider allowable) from which the dependent claim(s) depends. Furthermore, 
amendments to the claims are being made solely to expedite prosecution of the instant 
application. Applicants reserve the option to further prosecute the same or similar claims in the 
instant or a subsequent application. 

Upon entry of the Amendment, claims 1-17 are pending in the present application. The 
issues of the January 13, 2004 Office Action are presented below with reference to the Office 
Action. 



With regard to the Office Action Summary : Applicants appreciate that the drawings filed on 
October 6, 2003 are accepted. 

With regard to the Office Action, paragraph 1 : Applicants thank the Examiner for noting that a 
Change of Address/Power of Attorney was filed on January 21, 2003. Applicants provide herein 
a Revocation of Power of Attorney and Change of Correspondence Address with respect to the 
subject case. Applicants respectfully request entry of the same. 

With regar d to the Office Action, paragraphs 2-5 : 

(1) Claims 1, 2, and 7-14 were rejected under 35 U.S.C. 103(a) as being unpatentable over Davis 
et al. (U.S. Patent No. 6,367,009) in view of Krueger et al. (U.S. Patent No. 4,962,533); 
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(2) Claims 4-6, 16, and 1 7 were rejected under 35 U.S.C. 103(a) as being unpatentable over 
Davis et al. and Krueger et al. in view of Ginzboorg et al. (U.S. Patent No. 6,240,091); 

(3) Claims 3 and 15 were rejected under 35 U.S.C. 103(a) as being unpatentable over Davis et 
al. and Krueger et al. in view of Grimmer (U.S. Patent No. 5,774,552). 

With respect to (1) above, Applicants' independent claim 1, directed to an access system 
for a computer site, is amended to more clearly recite the claimed features to include, among 
other things, "a directory, coupled to the certificate authentication component, to maintain an 
account for each user, each account containing an access policy specifying at least one portion of 
the computer site to which the corresponding user is permitted access." The application 
provides that a "LDAP directory, which may be provided in the security application, may 
provide information . . . relating to a plurality of extranet users and the regions or sites of the 
extranet to which they are permitted access." Further, the "security application may also 
maintain an account for each user." (application, page 13, lines 4-8, line 16) Thus, an LDAP 
directory can maintain an account for each user, where each account contains an access policy 
specifying portions of a computer site to which the corresponding user is permitted access, as 
claimed in independent claim I. 

In contrast, Davis et al. do not teach such feature of Applicants' independent claim 1. 
Rather, Davis et al. teach access control in which access to a server (end-tier server) is either 
entirely granted or denied based on comparing a user name to a list of authorized users. If a user 
name is on the list, requests submitted to the server using the user name are processed, and if the 
user name is not on the list, requests submitted to the server using the user name are rejected 
(Davis et al., col. 13, lines 27-42). Davis et al. thus teach maintaining an access control list 
against which user names can be compared to grant or deny access. Davis et al.'s access control 
list for a given server is not the same as Applicants' claimed account for each user, where 
Applicants' independent claim 1 further states that each account contains an access policy 
specifying at least one portion of the compute site to which the corresponding user is permitted 



access. 



Moreover, Krueger et al. also do not teach Applicants' claimed maintaining an account 
for each user, each account containing an access policy specifying at least one portion of the 
computer site to which the corresponding user is permitted access. Rather, Krueger et al. teach 
that every process executing on the computer system is associated with a user and a maximum 
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level of clearance. Additionally, each individual data word in the system is associated with a 
security level Krueger et al. teach that a process/user can only access a data word when the 
process/user's level of clearance dominates the data word's security level. (Krueger et al., col. 1 
lines 19-41) Unlike Applicants' claimed access policy that specifies a portion of the computer 
site to which the user is permitted access, Krueger et al.'s process/user level of clearance 
specmes nothing with regard to accessing anything in particular (e.g., data words), but rather, 
Krueger et al.'s process/user level of clearance exists to be compared to Krueger et al.'s data ' 
words' security level, whereupon access is determined only upon such comparison. 
Accordingly, Krueger et al.'s level of clearance, by itself, specifies nothing in terms of access, 
which is in contrast to Applicants' claimed access policy specifying at least n n . r w„ „ f .ul 
computer site to which the correspondin g user is permitted access 

As Examiner knows, and based at least on MPEP 2143, a prima facie case of obviousness 
under 35 U.S.C. 103(a) requires (1) a suggestion or motivation in the references themselves or 
generally known in the art, to combine the references, (2) a reasonable expectation of success to 
combine, and (3) a teaching, via the combination, of all the claimed limitations. In re Vaeck, 947 
F. 2d. 488, 20 USPQ2d 1438 (Fed. Or. 1991). 

Because neither Davis et al. or Krueger et al., alone or in combination, teaches a 
directory, coupled to the certificate authentication component, to maintain an account for each 
user, each account containing an access policy specifying at least one portion of the computer 
site to which the corresponding user is permitted access, as claimed by Applicants in 
independent claim 1, aprima facie case of obviousness is not satisfied under 35 U.S.C. 103(a) at 
least for failing to show that all elements of Applicants' claims would be satisfied by the 
combination. 

Applicants' silence with respect to other requirements for prima facie obviousness should 
not be construed as an acquiescence to such other requirements, but rather, a recognition by 
Applicants that the satisfaction or non-satisfaction of such elements is moot based on the failure 
of the proposed combination to show all elements of Applicants' claims. 

Accordingly, Applicants traverse the Examiner's rejection of independent claim 1 based 
on 35 U.S.C. § 103(a), and consider independent claim 1, as amended, to be allowable. Similar 
to independent claim 1, independent claims 8 and 13, as amended, also recite "an account for 
each user, each account containing an access policy specifying at least one portion of the 
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computer site to which the corresponding user is permitted access." Accordingly, Applicants 
also consider independent claims 8 and 13 to be allowable. Claims 2-7 depend from allowable 
independent claim 1, claims 9-12 depend upon allowable independent claim 8, and claims 14-17 
depend upon independent claim 13, and thus such dependent claims 2-7, 9-12, and 14-17 are also 
allowable for depending upon allowable base claims. 



Applicants consider the Response herein to be fully responsive to the referenced Office 
Action. Based on the above Remarks, it is respectfully submitted that this application is in 
condition for allowance. Accordingly, allowance is requested. If there are any remaining issues 
or the Examiner believes that a telephone conversation with Applicants* attorney would be 
helpful in expediting the prosecution of this application, the Examiner is invited to call the 
undersigned at (972) 7 1 8-4800. 



CooclusioD 



Respectfully submitted, 



Date: April 13, 2004 




Joel W411 . 
Attorney for Applicants 
Registration No. 25,648 



Verizon Corporate Services Group Inc. 
c/o Christian Andersen 



600 Hidden Ridge, HQE03H01 
Irving, TX 75038 
Tel.: (972) 718-4800 
CUSTOMER NO. 32127 
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